Adoptable Cookbooks List

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Securing the server

It's recommended to disable root user after completing the bootstrap and using another, sudo-enabled account for future server visits.

Create new user

In order to create new user, invoke the following:

adduser <myuser>
gpasswd -a <myuser> wheel
passwd <myuser>

Finish by entering your new user's password. Now you should be able to log into your server with new account. You can re-provision your server at any time using new account:

sudo chef-client

This is usually done when web app updates have been pushed and they need re-deploy or when you have changed your server's Chef configuration.

Disable root access

Next, let's disable root user completely. Invoke the following:

passwd -d root
yum -y install nano
nano /etc/ssh/sshd_config

Move to the end of the file and add the following:

PermitRootLogin no

Hit Ctrl+O and Ctrl+X. Finish by restarting SSH:

service sshd restart

Configuration

Coming soon. Sorry for inconvenience.

Private repos

If some of your applications are stored on private repositories, their initial deploy will fail due to access denial. In such case, you'll see error messages but the whole Chef run will finish with remaining tasks. Among others, it will still create system accounts and SSH keys for these applications. You can display SSH key for specific app with the following command:

sudo cat /home/deploy-<app-name>/.ssh/id_rsa.pub

Add this key as a deployment key in GitHub or BitBucket and re-provision to finish the deployment.

Backup

Simply add S3 backup credentials to have a daily backup of all your PostgreSQL and MongoDB databases: